No edit summary |
(Updated category) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Content Of Security Audit Reports == | == Content Of Security Audit Reports == | ||
* Requestor(s) | * Requestor(s) | ||
* Auditor(s) | * Auditor(s) | ||
| Line 77: | Line 76: | ||
Give recommendations based on the observations which do not fit in the previous categories. | Give recommendations based on the observations which do not fit in the previous categories. | ||
[[Category:Security | [[Category:Security Team]] | ||
Latest revision as of 18:34, 19 August 2016
Content Of Security Audit Reports
- Requestor(s)
- Auditor(s)
- Request date
- Delivery date
Target of evaluation
- Project name
- Project content ((S)RPM package or URL to version control system)
- Version (RPM version, upstream version or version control revision)
- Summarize the scope of the audit and, if possible, aspects of the threat model.
Basic information
- Main programming language(s)
- Approximate lines of codes (sloccount)
- Contains example code (yes/no)
- Contains test suite (yes/no)
- Specific functionality (yes/no)
- Handles authentication
- Network access
- File system access
- D-Bus access
- Process environment access
- Listens on network
- Provides D-Bus service
- Registers MIME types or file extensions
- Installs browser plug-ins
- setuid executable
- Uses fork
- Uses threads
- Thread-safe
Dependencies
- Required libraries
Build options
- Builds compiled code (yes/no)
- Builds managed code (yes/no)
- Builds one or more libraries (yes/no)
- Builds one or more executables (yes/no)
- Uses recommend Defensive Coding code generation/linking options (yes/no)
- Uses Defensive Coding warning flags (yes/no)
- Produces compiler warnings (yes/no)
Assumptions
List all assumptions, such as correct use of APIs. Not all such aspects can be covered in an audit, especially if they require lots of domain-specific knowledge.
Compiler warnings
Note relevant compiler warnings, possibly after changing the compiler invocation to show more warnings. (This may include warnings from non-production compilers/compiler versions).
Banned APIs
Note usage of APIs which are impossible to use correctly (gets, getwd, readdir_r etc.).
Dangerous APIs
Note usage of dangerous APIs (certain C string functions, incorrect temporary files, process environment access from libraries, many forms of serialization).
Definite problems
List issues known to be present in the code base. Mark each one as security-relevant or non-relevant. This includes API misuse such as missing return value checks from malloc or setuid/setgid. This may include dead code (especially conditionally compiled code).
Possible problems
The same list, but this time for issues which are likely, but not definitely present in the source code.
Recommendations
Give recommendations based on the observations which do not fit in the previous categories.